49fad54863fcd57879d581eb406e9ca3_JaffaCakes118

Sharing

Copy URL Twitter E-mail

General

Target

49fad54863fcd57879d581eb406e9ca3_JaffaCakes118
Size

312KB
MD5

49fad54863fcd57879d581eb406e9ca3
SHA1

57babffdbd7eeebc8ec7a6b6f3e004b6c1d66e50
SHA256

310122a624cffe3f9d1d5adb98406624e7ae356d5b09dcbd29bcb239be303559
SHA512

d94f7ed15c69d876ffda971b081ebb86b151371973c55b02e17cd7cd9f1b7b2beb6ce9a25fb8330b3e88c36b40945216717ff37518e264f66d7049d6f30ee45f
SSDEEP

6144:5sbWw3xArpxsBY2h1SyNJq2fhVJyBsCKlYDNiuohwc7rwmSwqclJxSiJquo7ZfgE:5sqw3xArpxsBY2h1SyNJq2fhVJyBsdll

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
49fad54863fcd57879d581eb406e9ca3_JaffaCakes118

Files

49fad54863fcd57879d581eb406e9ca3_JaffaCakes118
.exe windows:4 windows x86 arch:x86

fe75293a8f2c2824b1dbb00c269e83cf

Headers

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE

Imports

msvfw32

MCIWndCreateA

winmm

mciSendCommandA

mfc42

ord4964
ord4961
ord4108
ord4524
ord5240
ord3748
ord1726
ord5259
ord3399
ord4432
ord3734
ord303
ord813
ord4272
ord3571
ord3626
ord6008
ord4000
ord2414
ord1641
ord4464
ord939
ord859
ord3303
ord3287
ord537
ord926
ord6283
ord6282
ord2149
ord3914
ord2408
ord6069
ord2011
ord3296
ord6270
ord3663
ord2405
ord2753
ord5785
ord613
ord640
ord1640
ord323
ord289
ord3495
ord1199
ord3619
ord4275
ord3797
ord5875
ord3874
ord2289
ord1158
ord4202
ord1849
ord2583
ord4403
ord5253
ord3371
ord3641
ord4220
ord2584
ord3654
ord801
ord654
ord610
ord541
ord341
ord287
ord2438
ord4244
ord2558
ord6696
ord3996
ord1644
ord6007
ord3910
ord2148
ord3286
ord3301
ord6907
ord1151
ord1193
ord3302
ord5861
ord6883
ord5857
ord5858
ord5602
ord5608
ord5603
ord940
ord6143
ord6139
ord6140
ord3293
ord536
ord4774
ord4204
ord2411
ord2023
ord4218
ord2578
ord4398
ord3582
ord616
ord1842
ord4242
ord2723
ord2390
ord3059
ord5100
ord5103
ord4303
ord3350
ord5012
ord975
ord5472
ord3403
ord2879
ord2878
ord4151
ord4077
ord5237
ord2649
ord1665
ord4436
ord5252
ord4427
ord794
ord674
ord527
ord366
ord602
ord6502
ord693
ord4776
ord2763
ord5884
ord2921
ord2012
ord2764
ord2087
ord6067
ord4146
ord6000
ord2117
ord2863
ord3072
ord5852
ord3481
ord3916
ord2252
ord3452
ord6215
ord2086
ord4499
ord2975
ord5732
ord3566
ord2817
ord2652
ord5681
ord1669
ord4543
ord4299
ord4337
ord6378
ord6197
ord6380
ord3181
ord4058
ord2781
ord5856
ord6605
ord4413
ord5749
ord5282
ord2915
ord4615
ord4160
ord5265
ord4853
ord6375
ord4486
ord2554
ord2512
ord5731
ord3922
ord1089
ord5199
ord2396
ord3346
ord5300
ord5302
ord4079
ord5307
ord5289
ord4622
ord4526
ord4529
ord561
ord617
ord5301
ord5214
ord296
ord986
ord520
ord4159
ord6117
ord2621
ord1134
ord1247
ord3567
ord4698
ord5714
ord6453
ord2859
ord2725
ord1825
ord4238
ord4696
ord3058
ord3065
ord6336
ord2510
ord2542
ord5243
ord5740
ord1746
ord5577
ord3172
ord5653
ord4420
ord4953
ord4858
ord2399
ord4387
ord3454
ord3198
ord6080
ord6175
ord4623
ord4426
ord338
ord652
ord4823
ord4614
ord4613
ord2535
ord6785
ord4123
ord2575
ord4396
ord3574
ord609
ord2587
ord4406
ord3394
ord3729
ord804
ord4267
ord6740
ord2582
ord4402
ord4545
ord3640
ord2299
ord2453
ord6784
ord4278
ord1105
ord3317
ord6905
ord6662
ord3398
ord3733
ord810
ord4271
ord3297
ord1768
ord812
ord6144
ord559
ord2450
ord2754
ord2567
ord6172
ord1175
ord5862
ord5572
ord5610
ord4365
ord5085
ord1714
ord4404
ord5258
ord3722
ord796
ord529
ord4265
ord2585
ord4755
ord3294
ord4531
ord4890
ord4723
ord2096
ord1168
ord1146
ord3811
ord3337
ord551
ord6654
ord686
ord755
ord642
ord825
ord327
ord3598
ord4424
ord4627
ord4080
ord3079
ord3825
ord3831
ord3830
ord2976
ord3081
ord2985
ord3262
ord3136
ord4349
ord4341
ord5076
ord4532
ord4892
ord4370
ord4899
ord4588
ord4589
ord1942
ord823
ord2379
ord4284
ord356
ord5683
ord2770
ord1200
ord1980
ord2862
ord3290
ord668
ord535
ord2614
ord2645
ord2116
ord795
ord3721
ord355
ord2515
ord3499
ord5710
ord4129
ord922
ord2370
ord860
ord4376
ord4710
ord6334
ord2642
ord3092
ord5981
ord5280
ord2864
ord4234
ord2302
ord2301
ord2365
ord793
ord324
ord567
ord641
ord656
ord3610
ord3402
ord2446
ord5261
ord5290
ord6374
ord5241
ord6055
ord3719
ord3597
ord4425
ord1775
ord6052
ord2514
ord4998
ord4465
ord3259
ord3147
ord2982
ord3738
ord815
ord3998
ord470
ord5277
ord2124
ord2444
ord5248
ord1727
ord5065
ord3749
ord6376
ord2055
ord2648
ord4441
ord4837
ord3798
ord5279
ord4353
ord6369
ord5163
ord2385
ord5234
ord4407
ord1776
ord4078
ord6053
ord1712
ord1709
ord5082
ord2389
ord4121
ord5471
ord4056
ord4364
ord2530
ord6154
ord4235
ord540
ord4274
ord800
ord2818
ord6199
ord941
ord924
ord858
ord4612
ord384
ord4610
ord4457
ord3370
ord6619
ord4277
ord620
ord6802
ord807
ord354
ord5186
ord2920
ord2380
ord6565
ord1576
ord6491
ord6749
ord6860
ord6931
ord6594
ord6593
ord6862
ord5063
ord2639
ord5871
ord5885
ord6146
ord6625
ord4163
ord3289
ord4454
ord2452
ord4268
ord554
ord4400
ord3730
ord5064
ord1715
ord1710
ord5086
ord4366
ord3295
ord6385
ord5645
ord268
ord353
ord5773
ord1979
ord665

msvcrt

_mbsicmp
__CxxFrameHandler
_itoa
_access
__setusermatherr
fclose
tolower
fread
fopen
strrchr
_mbscmp
fwrite
_chdir
_stricmp
_strnicmp
atoi
_splitpath
_strdup
_except_handler3
rand
srand
??1type_info@@UAE@XZ
_setmbcp
rename
__dllonexit
_onexit
_exit
_XcptFilter
exit
_acmdln
__getmainargs
_initterm
strtod
_adjust_fdiv
__p__commode
__p__fmode
__set_app_type
_controlfp
?terminate@@YAXXZ
abort
strstr
printf
_memccpy
strncpy
malloc
free
_strupr
sprintf
strchr
time

kernel32

LocalAlloc
lstrlenA
GetFileSize
LocalFree
SetFilePointer
WriteFile
GetTickCount
FileTimeToSystemTime
FileTimeToLocalFileTime
GetTimeFormatA
GetDateFormatA
SetLastError
GetComputerNameA
lstrcpynA
DeviceIoControl
OutputDebugStringA
GetDriveTypeA
SetErrorMode
GetVolumeInformationA
GetStartupInfoA
GetModuleHandleA
ResumeThread
FindFirstFileA
FindNextFileA
FindClose
GetLogicalDrives
GetVersion
CreateProcessA
WaitForSingleObject
GetExitCodeProcess
CreateMutexA
GetSystemDefaultLangID
CreateFileA
ReadFile
CloseHandle
GetTempPathA
DeleteFileA
GetCurrentDirectoryA
RemoveDirectoryA
Sleep
GlobalAlloc
GlobalLock
GlobalUnlock
GlobalFree
MultiByteToWideChar
GetWindowsDirectoryA
GetFileAttributesA
LoadLibraryA
FreeLibrary
lstrcpyA
WideCharToMultiByte
CreateDirectoryA
GetProcAddress
GetModuleFileNameA
GetCurrentThread
GetLastError
GetCurrentProcess
GetVersionExA
WinExec
MapViewOfFile
CreateFileMappingA
GetCurrentProcessId
GetSystemDirectoryA
SetEvent
CreateEventA
ResetEvent

user32

ReleaseCapture
CheckMenuItem
EnableMenuItem
GetDesktopWindow
GetCursorPos
WindowFromPoint
SetCapture
LoadBitmapA
ExitWindowsEx
LoadCursorA
GetFocus
SendMessageA
GetParent
PostMessageA
EnableWindow
GetClientRect
LoadIconA
SetCursor
ClientToScreen
CreatePopupMenu
GetCursor
GetKeyState
FillRect
EqualRect
IntersectRect
SetRect
MessageBoxA
LoadStringA
IsWindowEnabled
GetDC
IsWindow
SetMenu
SetForegroundWindow
GetSystemMetrics
SetActiveWindow
GetForegroundWindow
UpdateWindow
GetWindowRect
IsZoomed
IsIconic
GetMenu
DeleteMenu
RegisterWindowMessageA
MapVirtualKeyA
GetKeyNameTextA
FindWindowA
RedrawWindow
PtInRect
LoadMenuA
ShowWindow
MoveWindow
InvalidateRect
DrawTextA
OffsetRect
CopyRect
InflateRect
GetSysColor
GetMenuState
ReleaseDC
SystemParametersInfoA
AppendMenuA
SetMenuItemInfoA
GetMenuStringA
GetMenuItemCount
GetMenuItemInfoA
MapWindowPoints
KillTimer
SetTimer
ModifyMenuA
GetSubMenu

gdi32

CreateCompatibleBitmap
GetObjectA
GetStockObject
CreateFontIndirectA
BitBlt
GetTextExtentPoint32A
SetPixel
CreateCompatibleDC

advapi32

RegSetKeySecurity
AdjustTokenPrivileges
LookupPrivilegeValueA
OpenProcessToken
FreeSid
EqualSid
AllocateAndInitializeSid
GetTokenInformation
OpenThreadToken
RegSetValueExA
RegCloseKey
RegQueryValueExA
RegOpenKeyExA
RegEnumKeyExA
RegEnumKeyA
GetUserNameA
RegDeleteValueA
RegDeleteKeyA
InitializeSecurityDescriptor
SetSecurityDescriptorOwner
SetSecurityDescriptorDacl
RegOpenKeyA
RegCreateKeyExA
RegEnumValueA
LookupAccountNameA
RegCreateKeyA

shell32

ExtractIconA
ShellExecuteA
SHGetDesktopFolder
SHGetSpecialFolderLocation
DragQueryFileA
SHGetFileInfoA
SHGetPathFromIDListA
SHBrowseForFolderA
SHGetMalloc

comctl32

ImageList_GetImageCount
ImageList_DragShowNolock
ImageList_EndDrag
ImageList_DragMove
ImageList_BeginDrag
ImageList_AddMasked
ImageList_GetIconSize
ImageList_GetIcon
ImageList_ReplaceIcon
ImageList_DragLeave
ImageList_Draw
ImageList_DragEnter

ole32

CoCreateInstance
CoInitialize
CoUninitialize

fsvcdcntnt

?SetVcdFile@CVcdContentView@@QAEHVCString@@@Z
?SetNextFocus@CVcdContentView@@QAEHPAVCWnd@@@Z
?SetOldPosition@CVcdContentView@@QAEHH@Z
?GetOldPosition@CVcdContentView@@QAEHXZ
?RestoreWindow@CVcdContentView@@QAEHXZ
?IsViewMin@CVcdContentView@@QAEHXZ
?SetVcdContentFocus@CVcdContentView@@QAEHXZ
?SetVcdFile@CVcdContentView@@QAEHVCString@@00H@Z
?SetSplitterWnd@CVcdContentView@@QAEHPAVCSplitterWnd@@H@Z
?classCVcdContentView@CVcdContentView@@2UCRuntimeClass@@B

logo

CloseLogoWnd
?ExitLogoWnd@@YAXXZ
OpenLogoWnd

about

DisplayAbout

fslodlib

ord1

fartcp

?CloseReceive@CFarTCP@@QAEXXZ
?CloseSend@CFarTCP@@QAEXXZ
?OpenSend@CFarTCP@@QAEHHH@Z
?OpenAccept@CFarTCP@@QAEHPAUHWND__@@KHH@Z
?GetLocalIP@CFarTCP@@QAE?AVCString@@XZ
?SendFBData@CFarTCP@@QAEXPBXH@Z
??1CFarTCP@@UAE@XZ
??0CFarTCP@@QAE@XZ
?GetRuntimeClass@CGeneralSocket@@UBEPAUCRuntimeClass@@XZ

setupapi

SetupDiSetClassInstallParamsA
SetupDiCallClassInstaller
SetupDiGetClassDevsA
SetupDiGetDeviceRegistryPropertyA
SetupDiDestroyDeviceInfoList
SetupDiEnumDeviceInfo

Exports

Exports

??0CGeneralSocket@@QAE@XZ
??1CGeneralSocket@@UAE@XZ
??BCGeneralSocket@@QAEIXZ
??_7CGeneralSocket@@6B@

Sections

.text
Size: 244KB - Virtual size: 242KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rdata
Size: 44KB - Virtual size: 41KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 12KB - Virtual size: 25KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.Check_S
Size: 4KB - Virtual size: 40B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 4KB - Virtual size: 4KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

Sharing

General

Malware Config

Signatures

Files

fe75293a8f2c2824b1dbb00c269e83cf

Headers

File Characteristics

Imports

msvfw32

winmm

mfc42

msvcrt

kernel32

user32

gdi32

advapi32

shell32

comctl32

ole32

fsvcdcntnt

logo

about

fslodlib

fartcp

setupapi

Exports

Exports

Sections

.text Size: 244KB - Virtual size: 242KB

.rdata Size: 44KB - Virtual size: 41KB

.data Size: 12KB - Virtual size: 25KB

.Check_S Size: 4KB - Virtual size: 40B

.rsrc Size: 4KB - Virtual size: 4KB

.text
Size: 244KB - Virtual size: 242KB

.rdata
Size: 44KB - Virtual size: 41KB

.data
Size: 12KB - Virtual size: 25KB

.Check_S
Size: 4KB - Virtual size: 40B

.rsrc
Size: 4KB - Virtual size: 4KB